The Community Forums


Been away a week, what should I check

Discussion in 'Security' started by keat63, Jun 1, 2015.

  1. keat63

    keat63 Well-Known Member

    Guys.

    I've been away for 10 days. Is there anything obvious I should be looking at to confirm security hasn't been breached?
    My mailbox has almost 1000 messages, so I can't possibly read every single one.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Is there anything in particular that leads you to believe your server was hacked?

    Thank you.
     
  3. keat63

    keat63 Well-Known Member

    Not really, but I have a daily routine of scanning through the CSF emails every morning.
    I decided that almost 1000 entries was far too many to scan through, so I checked a few things that I thought should be obvious had there been a compromise.

    Mail queue ..... nothing queued.
    cPanel login logs.
    A quick scan via FTP of user folders.

    There were a few warnings about files changed which caught my eye, but these were due to an update of some sort.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    The most obvious is those emails. They are your eyes and ears when you're away from your desk.

    Check Rootkit emails, worth viewing.
    CXS emails, always.
    LFD emails, always.
    cPanel Service monitor emails, always.
    upcp emails are mostly boring but worth a look.
    Backup complete emails, boring as well but worth a look.
    Logwatch emails too.

    The second most obvious thing might be to trim down unneeded emails.

    I prefer to disable updates while I'm away, and I don't need to see Brute Force emails; I disable those. Those are a few examples.

    No matter where I am I have 10 minutes a day to go thru server emails.
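
Added example, not part of the thread and not cPanel or CSF code: one way to sort a backlog of server mail into the categories listed in the reply above so the "always" buckets are read first. The subject patterns, the "noise" and "unmatched" labels, the reading order and the sample subjects are all assumptions constructed for this sketch; adjust the patterns to the subjects your server actually sends.

```python
import re
from email import message_from_string

# (bucket, rating taken from the reply, subject pattern). Patterns are assumptions.
RULES = [
    ("brute force", "noise", r"brute force"),
    ("rootkit", "worth viewing", r"rootkit|rkhunter"),
    ("cxs", "always", r"\bcxs\b"),
    ("lfd", "always", r"\blfd\b"),
    ("service monitor", "always", r"chkservd|service monitor"),
    ("upcp", "worth a look", r"\bupcp\b"),
    ("backup", "worth a look", r"backup"),
    ("logwatch", "worth a look", r"logwatch"),
]
# Unmatched mail is read before the "boring" buckets: no rule has vetted it yet.
READ_ORDER = ["always", "worth viewing", "unmatched", "worth a look", "noise"]

def classify(subject):
    """Return (bucket, rating) for one subject line; first matching rule wins."""
    for bucket, rating, pattern in RULES:
        if re.search(pattern, subject, re.IGNORECASE):
            return bucket, rating
    return "other", "unmatched"

def triage(messages):
    """Group messages and return [(rating, bucket, subjects)] in reading order."""
    groups = {}
    for msg in messages:
        subject = " ".join(str(msg.get("Subject", "")).split())  # unfold headers
        bucket, rating = classify(subject)
        groups.setdefault((rating, bucket), []).append(subject)
    return sorted(((r, b, s) for (r, b), s in groups.items()),
                  key=lambda g: (READ_ORDER.index(g[0]), g[1]))

# Constructed sample mailbox (subjects invented for this example).
SAMPLE = [message_from_string(f"From: root@host.example\nSubject: {s}\n\nbody\n")
          for s in [
              "Backup complete on host.example",
              "lfd on host.example: suspicious process under user alice",
              "Brute force login attempts blocked",
              "cxs scan report for host.example",
              "Disk usage warning on /home",
              "lfd on host.example: modified system file detected",
              "Service monitor: exim failed on host.example",
              "rkhunter daily run on host.example",
          ]]

if __name__ == "__main__":
    for rating, bucket, subjects in triage(SAMPLE):
        print(f"[{rating}] {bucket}: {len(subjects)}", *subjects, sep="\n    ")
```

`triage()` accepts any iterable of message objects, so a local mbox file can be passed as `mailbox.mbox(path)` from the Python standard library.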
     